CVE-2025-0074
Published: 26 August 2025
Summary
CVE-2025-0074 is a critical-severity use-after-free (CWE-416) vulnerability in Google Android. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 17.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates the use-after-free by requiring timely identification, reporting, and application of the specific upstream patch for the Bluetooth SDP processing flaw.
- SI-16 (Memory Protection): implements memory protection mechanisms such as address space randomization and non-executable memory that raise the cost of exploiting the use-after-free in sdp_discovery.cc.
- AC-18 (Wireless Access): authorizes and controls wireless Bluetooth access to limit exposure to remote crafted SDP discovery response packets that trigger the vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The use-after-free in the Bluetooth SDP handler directly enables unauthenticated remote code execution over a network protocol with no user interaction.
NVD Description
In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Deeper analysis
CVE-2025-0074 is a use-after-free vulnerability in the process_service_attr_rsp function of sdp_discovery.cc, part of the Android platform's Bluetooth module at packages/modules/Bluetooth. The flaw allows arbitrary code execution and can lead to remote code execution without requiring additional execution privileges. It is classified under CWE-416 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): critical severity because the flaw is reachable over the network, has low attack complexity, and needs no privileges or user interaction.
A remote attacker can exploit the vulnerability by triggering the use-after-free during Bluetooth Service Discovery Protocol (SDP) interactions, achieving remote code execution on the targeted Android device. No user interaction or privileges are required, so any adversary within Bluetooth range who can deliver crafted SDP discovery response packets is in scope.
The fix is covered by the Android Security Bulletin for March 2025, available at https://source.android.com/security/bulletin/2025-03-01. The specific upstream patch is provided at https://android.googlesource.com/platform/packages/modules/Bluetooth/+/37bcf769c1aa8dfa8e5524858d47f6a80b765fa4; security practitioners should verify that affected Android builds carry it, and apply it where they do not.
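As an added example (not code from this page, NVD or the Android project), the following script triages a device inventory against the 2025-03-01 bulletin date from the analysis above. It assumes each inventory line is "serial<TAB>ro.build.version.security_patch" as collected with `adb shell getprop ro.build.version.security_patch`; the serials are constructed for illustration.

```python
"""Fleet check for the March 2025 Android bulletin patch level (CVE-2025-0074).

Added example; the inventory format and serials below are assumptions.
"""
from __future__ import annotations
from datetime import date

BULLETIN_DATE = date(2025, 3, 1)  # Android Security Bulletin 2025-03-01


def parse_patch_level(value: str) -> date | None:
    """Parse a YYYY-MM-DD security patch level; None if missing or malformed."""
    try:
        return date.fromisoformat(value.strip())
    except ValueError:
        return None


def is_patched(patch_level: str, bulletin: date = BULLETIN_DATE) -> bool:
    """True only when the device reports a patch level at or after the bulletin."""
    parsed = parse_patch_level(patch_level)
    return parsed is not None and parsed >= bulletin


def triage(inventory: str) -> dict[str, list[str]]:
    """Sort devices into 'patched', 'exposed' and 'unknown' (unparseable level)."""
    result: dict[str, list[str]] = {"patched": [], "exposed": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue  # skip blank lines in the export
        serial, _, level = line.partition("\t")
        parsed = parse_patch_level(level)
        if parsed is None:
            result["unknown"].append(serial)
        elif parsed >= BULLETIN_DATE:
            result["patched"].append(serial)
        else:
            result["exposed"].append(serial)
    return result


# Constructed sample inventory (serials and values invented for illustration).
SAMPLE_INVENTORY = (
    "ZX1A0001\t2025-03-05\n"
    "ZX1A0002\t2025-02-01\n"
    "ZX1A0003\t2024-11-01\n"
    "ZX1A0004\t\n"           # property missing on this device
    "ZX1A0005\tunknown\n"    # malformed value
)

if __name__ == "__main__":
    for bucket, serials in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(serials) or '-'}")
```

Treat devices in the "unknown" bucket as exposed until their patch level is confirmed by other means.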
Details
- CWE(s)